IETF Logo Mail Archive

Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bis-19.txt> (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard

David Conrad <drc@virtualized.org> Mon, 19 August 2013 21:55 UTC

Return-Path: <drc@virtualized.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 08F8011E830D for <ietf@ietfa.amsl.com>; Mon, 19 Aug 2013 14:55:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lF5aTYjCpXD5 for <ietf@ietfa.amsl.com>; Mon, 19 Aug 2013 14:55:11 -0700 (PDT)
Received: from alpha.virtualized.org (alpha.virtualized.org [199.233.229.186]) by ietfa.amsl.com (Postfix) with ESMTP id 7711D11E8141 for <ietf@ietf.org>; Mon, 19 Aug 2013 14:55:03 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by alpha.virtualized.org (Postfix) with ESMTP id 0A33F8712A for <ietf@ietf.org>; Mon, 19 Aug 2013 17:54:48 -0400 (EDT)
Received: from alpha.virtualized.org ([127.0.0.1]) by localhost (alpha.virtualized.org [127.0.0.1]) (maiad, port 10024) with ESMTP id 01793-01 for <ietf@ietf.org>; Mon, 19 Aug 2013 17:54:47 -0400 (EDT)
Received: from terminus.lan (menlopark.keplers.com [74.93.6.213]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: drc@virtualized.org) by alpha.virtualized.org (Postfix) with ESMTPSA id 9897D87128 for <ietf@ietf.org>; Mon, 19 Aug 2013 17:54:46 -0400 (EDT)
From: David Conrad <drc@virtualized.org>
Content-Type: multipart/signed; boundary="Apple-Mail=_4EEBAF9D-3034-4958-ACAC-DE10DC442AC2"; protocol="application/pgp-signature"; micalg="pgp-sha1"
Message-Id: <B443E973-858A-4958-964B-B0F0FBDF5A7A@virtualized.org>
Mime-Version: 1.0 (Mac OS X Mail 6.5 \(1508\))
Subject: Re: [spfbis] Last Call: <draft-ietf-spfbis-4408bis-19.txt> (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard
Date: Mon, 19 Aug 2013 14:54:44 -0700
References: <20130819150521.GB21088@besserwisser.org> <20130819160549.61542.qmail@joyce.lan> <20130819190533.GA30516@besserwisser.org> <4751241.GTNxysAlzm@scott-latitude-e6320>
To: ietf@ietf.org
In-Reply-To: <4751241.GTNxysAlzm@scott-latitude-e6320>
X-Mailer: Apple Mail (2.1508)
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Aug 2013 21:55:20 -0000

Hi,

On Aug 19, 2013, at 12:10 PM, Scott Kitterman <scott@kitterman.com> wrote:
> Operationally, there are far more problems associated with actually trying to 
> use Type 99 than there are with SPF records in Type TXT.

Given the abysmal state of implementation of middleboxes _today_, this isn't surprising.  I'm unsure this sad state applies for all future time to come.

> As Michael Hammer mentioned, we've been through all this before and people 
> might want to review the previous WG discussion on the topic.

+1

However, despite the operational issues mentioned above and the fact that this has been discussed to death, I also strongly oppose the deprecation of the SPF record. AFAICT, no one is arguing that overloading TXT in the way recommended by this draft is a good idea, rather the best arguments appear to be that it is a pragmatic "least bad" solution to the fact that (a) people often implement (poorly) the very least they can get away with and (b) it can take a very long time to fix mistakes on the Internet. 

Of course, both (a) and (b) can be improved over time.  The argument that "it's already been X years and only Y% of implementers have supported SPF so we should throw in the towel now" seems specious to me since:

1) the SPF type code has been allocated -- it isn't going away or going to be reused: deprecation gains nothing from a DNS perspective;
2) pretty much every implementation of name servers supports SPF (to one degree or another);
3) there exist implementations of DNS frontend UIs that support SPF and since the semantics are identical to TXT, future implementation would seem to be trivial if a UI supports TXT; and
4) deprecation of SPF imposes additional complexity on every other protocol implementation that uses TXT at the zone apex either now or in the future.

In the past, the IETF/IESG has frowned on 'squatting' on port numbers, addresses, etc., regardless of the potential operational implications of accepting that squattage. I personally feel the use of TXT in this context is only marginally different than squatting. In my view, deprecating SPF only makes sense if the protocol that would use SPF is not going to see further deployment.  Since as far as I know, the point of 4408bis is to clarify implementation requirements for future implementations, deprecation makes no sense to me.

Regards,
-drc

v2.23.0 | Report a Bug | By Email